How does the REST API scanning work?

REST API scanning, part of the web application scanning service, allows the scanner to inject vulnerability detection patterns into JSON REST APIs.

You can provide an OpenAPI specification document, which the scanner parses and uses as the starting point for identifying vulnerability classes (such as SQL injection, XXE and deserialization issues) in REST APIs.

Note that the OpenAPI specification needs to be published in order for Holm Security to scan the API.

The specification can be converted from other file formats such as WADL.
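To make the specification-driven approach concrete, here is an added example (not Holm Security's code, and not a description of its internal parser) that does the first step any such scanner performs: it walks an OpenAPI 3 document and enumerates every place a detection pattern could be placed, that is, path and query parameters plus each leaf field of a JSON request body, following local `$ref` links into `components/schemas`. The spec is constructed for the example; the `injection_points` and `flatten_schema` helpers are hypothetical names.

```python
"""Enumerate candidate input points from an OpenAPI 3 document.

Added illustration of what a REST API scanner derives from a published
specification before it can inject detection patterns. Only local
``#/components/...`` references are resolved.
"""

# Constructed sample OpenAPI 3 document (not from any real service).
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "paths": {
        "/users/{id}": {"get": {"parameters": [
            {"name": "id", "in": "path", "schema": {"type": "integer"}},
            {"name": "fields", "in": "query", "schema": {"type": "string"}},
        ]}},
        "/orders": {"post": {"requestBody": {"content": {
            "application/json": {"schema": {"$ref": "#/components/schemas/Order"}}
        }}}},
    },
    "components": {"schemas": {
        "Order": {"type": "object", "properties": {
            "sku": {"type": "string"},
            "quantity": {"type": "integer"},
            "address": {"$ref": "#/components/schemas/Address"},
        }},
        "Address": {"type": "object", "properties": {
            "street": {"type": "string"}, "city": {"type": "string"},
        }},
    }},
}

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}


def resolve_ref(spec, node):
    """Follow a local JSON pointer such as '#/components/schemas/Order'."""
    while isinstance(node, dict) and "$ref" in node:
        ref = node["$ref"]
        if not ref.startswith("#/"):
            raise ValueError(f"only local references are supported: {ref}")
        target = spec
        for part in ref[2:].split("/"):
            target = target[part]
        node = target
    return node


def flatten_schema(spec, schema, prefix, seen=frozenset()):
    """Yield (json_path, type) for every leaf field in a schema tree."""
    schema = resolve_ref(spec, schema)
    if id(schema) in seen:  # recursive schema: stop rather than loop forever
        return
    seen = seen | {id(schema)}
    stype = schema.get("type", "object" if "properties" in schema else "string")
    if stype == "object":
        for name, sub in schema.get("properties", {}).items():
            yield from flatten_schema(spec, sub, f"{prefix}.{name}", seen)
    elif stype == "array":
        yield from flatten_schema(spec, schema.get("items", {}), f"{prefix}[]", seen)
    else:
        yield prefix, stype


def injection_points(spec):
    """Return sorted (method, path, location, name, type) tuples."""
    points = []
    for path, item in spec.get("paths", {}).items():
        item = resolve_ref(spec, item)
        shared = item.get("parameters", [])  # path-level parameters apply to all ops
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            for param in shared + op.get("parameters", []):
                param = resolve_ref(spec, param)
                ptype = resolve_ref(spec, param.get("schema", {})).get("type", "string")
                points.append((method.upper(), path, param["in"], param["name"], ptype))
            body = op.get("requestBody")
            if body:
                body = resolve_ref(spec, body)
                for ctype, media in body.get("content", {}).items():
                    if "json" not in ctype:
                        continue  # only JSON bodies are in scope, as on the page
                    for jpath, jtype in flatten_schema(spec, media.get("schema", {}), "$"):
                        points.append((method.upper(), path, "body", jpath, jtype))
    return sorted(points)


if __name__ == "__main__":
    for point in injection_points(SAMPLE_SPEC):
        print(point)
```

The recorded type of each point matters to a scanner: an `integer` path parameter and a nested `string` body field call for different detection patterns, which is why the walk keeps the schema type next to the JSON path rather than just listing endpoints. Fields that are absent from the published specification are invisible to this walk, which is the practical reason the document must be complete and current.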